<html>
    <head>
        <meta http-equiv="X-UA-Compatible" content="IE=9" />
        <title></title>
        <link rel="stylesheet" type="text/css" href="style3.css"/>
    </head>
    <?php
    print "<h1>Incoming Requests</h1>";
    
    session_start();
    $member_id = $_SESSION['member_id'];

    @mysql_connect("localhost", "root", "") or die(mysql_error());
    mysql_select_db("mydb") or die(mysql_error());

    if (isset($_SESSION['member_id'])) {  // checks that the current user id is passed in the session
        $member_id = $_SESSION['member_id']; // saves its value in $currentUserID
        // retrieve the invitation request text from the 'request' table to show it to the current user in his/her requests section
        $get_request = mysql_query("SELECT request, request.request_id, member_request_member.type from member_request_member, request WHERE
        member_request_member.request_id = request.request_id and approve IS NULL and member_id2 = '$member_id'")
                or die(mysql_error());
        // count the number of rows returned from the query
        if (!mysql_num_rows($get_request)) {
            echo "<p align='center'>No pending invitation requests!</p>";
            // if the query return some value
        } else {

            // initialize transparent table to print in
            print '<table width="100%">
       <td><b>Description</b></td></tr>';


            //loop on the results from the query
            while ($row = mysql_fetch_assoc($get_request)) {
                // check that the request type is for a reviewer, organizer or an author
                if ($row['type'] == 'R' || $row['type'] == 'A' || $row['type'] == 'O') {
                    // save this request id in a variable
                    $request_id = $row['request_id'];
                    // print each request message in the table
                    print " <tr><td>{$row['request']} </td></tr>";
                    ?>
                    <form method="post" action="">
                        <? // the Accept button ?>
                        <tr><td><input type="submit" name="Accept" value="Accept"></td>
                            <? // the Reject button ?>
                            <td><input type="submit" name="Reject" value="Reject" ></td>
                            <? // an invisible button that keeps track of the current request ID for preserving uniqueness ?>
                            <td><input type="hidden" name="requestID" value="<?php echo $row['request_id'] ?>"/></td></tr>
                    </form>
                    <?php
                    // returns the current conference title, from the conference id
                    $get_conference_id = mysql_query("SELECT conference_id,type from member_request_member where member_id2 ='$member_id' AND
                request_id ='$request_id'") or die(mysql_error());
                    $row = mysql_fetch_assoc($get_conference_id);
                    // save the conference id in a variable
                    $confid = $row['conference_id'];
                    $request_type = $row['type'];
                }
                // incase the request sent was not with the 3 specified types (O,R and A)
                else {
                    echo "this is a wrong request type";
                }
            }
            // print the whole table of pending requests
            echo '</table>';
        }
    } else {
        echo"this action can not be performed!";
    }

    // if the accept button pressed
    if (isset($_POST['Accept'])) {
        // excute this method
        onAccept($confid, $_POST['requestID']);
        // *Author: Nour-Allah till line 88
        // print a message confirming the member's membership in the current conference
        if ($request_type == 'R') {
            // Select first_name, second_name 
            $Name = mysql_query("SELECT first_name, last_name FROM member WHERE member_id = '$member_id' ");
            $row = mysql_fetch_assoc($Name);
            // check if first_name or second_name == NULL
            if ($row['first_name'] == NULL || $row['last_name'] == NULL) {

                // Create a link that redirects to the next page which is submission and sending to it the conference
                //print " <a href='SignUp.php?from=A&member_id={$member_id}&conference_id={$confid}'>Click here</a>";

                header("Location: SignUp.php?from=B&member_id={$member_id}");
            } else {
                 ?>  <meta http-equiv ="refresh" content="0.25" /> <?
                echo '<script>',
                'alert("You are now a reviewer in the current conference!");',
                '</script>';
            }
            // *Author: Nour-Allah till line 119
        } else if ($request_type == 'A') {
            // Select first_name, second_name 
            $Name = mysql_query("SELECT first_name, last_name FROM member WHERE member_id = '$member_id' ");
            $row = mysql_fetch_assoc($Name);
            // check if first_name or second_name == NULL
            if ($row['first_name'] == NULL || $row['last_name'] == NULL) {

                // Create a link that redirects to the next page which is submission and sending to it the conference
                //print " <a href='SignUp.php?from=A&member_id={$member_id}&conference_id={$confid}'>Click here</a>";

                header("Location: SignUp.php?from=C&conference_id={$confid}&member_id={$member_id}&request_id={$request_id}&new='1'");
            } else {
                // Create a link that redirects to the next page which is submission and sending to it the conference
                header("Location: submission.php?conference_id={$confid}&member_id={$member_id}&request_id={$request_id}&new='1'");
            }
        } else {
            // Select first_name, second_name 
            $Name = mysql_query("SELECT first_name, last_name FROM member WHERE member_id = '$member_id' ");
            $row = mysql_fetch_assoc($Name);
            // check if first_name or second_name == NULL
            if ($row['first_name'] == NULL || $row['last_name'] == NULL) {

                // Create a link that redirects to the next page which is submission and sending to it the conference

                header("Location: SignUp.php?from=B&member_id={$member_id}");
            } else {
                 ?>  <meta http-equiv ="refresh" content="0.25" /> <?
                echo '<script>',
                'alert("You are now an organizer in the current conference!");',
                '</script>';
            }
        }
        //echo 'you are now a reviewer in the ' ."$conference_title". 'conference';
    }

    // if the user rejects
    else if (isset($_POST['Reject'])) {
       
        // excute this method
        onReject($confid, $_POST['requestID']);
        // print a message confirming the user's response
        
       ?>  <meta http-equiv ="refresh" content="0.25" /> <?
        echo '<script>',
        'alert("Your response has been saved. Thank you!");',

        '</script>';
        
    
    }

// if the user accepts the request ,this method is excuted

    function onAccept($confid, $request_id) {

        if (isset($_SESSION['member_id'])) {  // checks that the current user id is passed in the session
            $member_id = $_SESSION['member_id']; // saves its value in $currentUserID
            // returns the privilege ID for a reviewer
            $privileges_id_reviewer = mysql_query(" SELECT privileges_id from privileges where role = 'reviewer'");
            $row = mysql_fetch_assoc($privileges_id_reviewer);
            $privileges_id_reviewer = $row ['privileges_id'];

            // returns the privilege ID for an organizer
            $privileges_id_organizer = mysql_query(" SELECT privileges_id from privileges where role = 'organizer'");
            $row = mysql_fetch_assoc($privileges_id_organizer);
            $privileges_id_organizer = $row ['privileges_id'];

            // returns the type of the current request, either reviewer or organizer
            $get_request_type = mysql_query("SELECT type from member_request_member, request WHERE member_id2 = '$member_id' AND Approve IS NULL and member_request_member.request_id = '$request_id'
    and member_request_member.request_id = request.request_id")
                    or die(mysql_error());
            $row = mysql_fetch_assoc($get_request_type);
           

            //checks if the request is a reviewer request
            if ($row['type'] == 'R') {
                // inserts the current user ID,reviewer privilege ID and conference ID into the member privileges table to update the members privileges with the new privilege
                mysql_query("INSERT INTO member_privileges (member_id, privileges_id, conference_id)
         VALUES('$member_id', '$privileges_id_reviewer', '$confid')") or die('insertion error in r' . mysql_error());
                // update approve field to true
                mysql_query("UPDATE member_request_member SET approve = '1' where member_id2 = '$member_id' and conference_id= '$confid' and type = 'R'
                and request_id ='$request_id'") or die('here1' . mysql_error());
            }
            //checks that the current request is an organizer request
            else if ($row['type'] == 'A') {
                //header("Location: conferencePage.php?conference_id={$confid}&&member_id={$member_id}&&new=1");
            } else {
                // inserts the current user ID,reviewer privilege ID and conference ID into the member privileges table to update the members privileges with the new privilege
                mysql_query("INSERT INTO member_privileges (member_id, privileges_id, conference_id)
         VALUES('$member_id', '$privileges_id_organizer', '$confid')") or die('insertion error in o' . mysql_error());
                // update approve field to true
                mysql_query("UPDATE member_request_member SET approve = '1' where member_id2 = '$member_id' and conference_id= '$confid' and type = 'O'
                and request_id ='$request_id'") or die('here2' . mysql_error());
            }
        }
    }

    function onReject($confid, $request_id) {
        // checks that the current user id is passed in the session
        if (isset($_SESSION['member_id'])) {
            // saves its value in $currentUserID
            $member_id = $_SESSION['member_id'];

            // returns the type of request send, either reviewer or organizer
            $get_request_type = mysql_query("SELECT type,approve from member_request_member WHERE member_id2 = '$member_id' and Approve IS NULL")
                    or die(mysql_error());
            $row = mysql_fetch_assoc($get_request_type);
            // save type in a variable
            $request_type = $row ['type'];
            //checks that the request is a reviewing request
            if ($request_type == 'R') {
                // update approve field to true
                mysql_query("UPDATE member_request_member SET approve = '0' where member_id2 = '$member_id' and conference_id= '$confid' and type = 'R'
                and request_id ='$request_id'") or die('here1' . mysql_error());
            }
            //checks that the request is a request for becoming an author
            else if ($request_type == 'A') {
                // update approve field to true
                mysql_query("UPDATE member_request_member SET approve = '0' where member_id2 = '$member_id' and conference_id= '$confid' and type = 'A'
                and request_id ='$request_id'") or die('here1' . mysql_error());
            }
            //checks that the request is a reviewing request
            else {
                // update approve field to true
                mysql_query("UPDATE member_request_member SET approve = '0' where member_id2 = '$member_id' and conference_id= '$confid' and type = 'O'
              and request_id ='$request_id'") or die('here1' . mysql_error());
            
            }
        } else {
            echo "this action can not be performed!";
        }
    }
    ?>
    <?php
    //establish the connection with the database
    $con = mysql_connect("localhost", "root", "");
    if (!$con) {
        die('Could not connect:' . mysql_error());
    }
    mysql_select_db("mydb");
    //take the current member id from the s
    $id = $_SESSION['member_id'];
    //check whether this user is main organizer or not
    $check_Mainorganizer = mysql_query("SELECT* FROM conference
                       WHERE creator_id ='$id'") or die(mysql_error());
    //enter the while loop only if the current user is a main organizer in one of the conferences
    While ($row = mysql_fetch_assoc($check_Mainorganizer)) {
        // take the conference id and the name of the conference
        $conference_id = $row['conference_id'];
        $conference_name = $row['long_name'];
        //check whether this conference has any requests or not
        $has_Request = mysql_query("SELECT* FROM  Member_SubscribesTo_Conference
                       WHERE conference_id ='$conference_id' AND approve = 0") or die(mysql_error());
        //if has_request is empty then he has no requests
        if (!mysql_num_rows($has_Request)) {
            echo 'No pending requests!';

            // if the query return some value
        } else {
            // initialize transparent table to print in
            print '<table width="100%">
                     <td><b>Members who want to subscribe in your conferences:</b></td></tr>';
            //enters the while only if there is at least one request
            while ($row = mysql_fetch_assoc($has_Request)) {
                //take the request id and type from table Member_SubscribesTo_Conference
                $request_id = $row['member_id'];
                $request_type = $row['request_type'];
                //check the requestor name from table members
                $requestor_name = mysql_query("SELECT* FROM member
                       WHERE member_id ='$request_id'") or die(mysql_error());
                while ($row = mysql_fetch_assoc($requestor_name)) {
                    $request_name = $row['first_name'] . ' ' . $row['last_name'];
                }
                // if the requestor wants to become an organizer
                if ($request_type == 'O') {
                    print " <tr><td> $request_name wants to be an Organizer in conference $conference_name  </td></tr>";
                } //if he wants to become a reviewer
                else if ($request_type == 'R') {
                    print " <tr><td> $request_name wants to be a Reviewer in conference $conference_name  </td></tr>";
                }
                ?>
                <form method="post" action="">
                    <tr><td><input type="submit" name="yes" value="Accept"></td>
                        <td><input type="submit" name="no" value="Reject"></td>
                        <td><input type="hidden" name="requestType" value="<?php echo $request_type ?>"/></td></tr>

                </form>
                <?php
            }
        }
        // button yes means that the request is accepted
        if (isset($_POST['yes'])) {
            //know which type the user wants to be
            $Requesttype = $_POST['requestType'];
            //he wants to become an organizer
            if ($Requesttype == 'O') {
                //bring the organizer id from table privileges
                $privileges_id_organizer = mysql_query("SELECT privileges_id from privileges where role = 'organizer'")
                        or die(mysql_error());
                While ($row = mysql_fetch_assoc($privileges_id_organizer)) {
                    $privileges_id = $row['privileges_id'];
                }
                //insert this member as an organizer in the conference in table Member_Privileges
                mysql_query("INSERT INTO Member_Privileges(member_id, privileges_id, conference_id)
                  VALUES ('$request_id','$privileges_id','$conference_id')")
                        or die(mysql_error());
                //update table Member_SubscribesTo_Conference and make that the request has been responded to
                mysql_query("UPDATE Member_SubscribesTo_Conference SET approve = '1' where member_id = '$request_id' AND conference_id = '$conference_id' AND request_type = 'O'") or die(mysql_error());
                //send a message to the requestor to inform him that the request is accepted
                $message = 'conference' . ' ' . $conference_name . ' has accepted your request to become an Organizer';
                //insert the message in table messages
                mysql_query("INSERT INTO messages (message) VALUES ('$message')");
                //get the message id which has been sent
                $message_id = mysql_query("SELECT * FROM messages WHERE message='$message'");
                While ($row = mysql_fetch_assoc($message_id)) {
                    $mesid = $row['message_id'];
                }
                //insert the message in table member_message_member
                $re = mysql_query("INSERT INTO member_message_member (member_id1, member_id2,conference_id, message_id)
                                VALUES ($id, $request_id, $conference_id, $mesid)");

                echo 'The request has been accepted and a message is sent to the member to inform him';
                ?>  <meta http-equiv ="refresh" content="0.25" /> <?
            }//he wants to become a reviewer
            else if ($Requesttype == 'R') {
                //bring the reviewer id from table privileges
                $privileges_id_reviewer = mysql_query("SELECT privileges_id from privileges where role = 'reviewer'")
                        or die(mysql_error());
                While ($row = mysql_fetch_assoc($privileges_id_reviewer)) {
                    $privileges_id = $row['privileges_id'];
                }
                //insert this member as a reviewer in the conference in table Member_Privileges
                mysql_query("INSERT INTO Member_Privileges(member_id, privileges_id, conference_id)
                  VALUES ('$request_id','$privileges_id','$conference_id')")
                        or die(mysql_error());
                //update table Member_SubscribesTo_Conference and make that the request has been responded to
                mysql_query("UPDATE Member_SubscribesTo_Conference SET approve = '1' where member_id = '$request_id' AND conference_id = '$conference_id' AND request_type = 'R'") or die(mysql_error());
                //send a message to the requestor to inform him that the request is accepted
                $message = 'conference' . ' ' . $conference_name . ' has accepted your request to become a Reviewer';
                //insert the message in table messages
                mysql_query("INSERT INTO messages (message) VALUES ('$message')");
                //get the message id which has been sent
                $message_id = mysql_query("SELECT * FROM messages WHERE message='$message'");
                While ($row = mysql_fetch_assoc($message_id)) {
                    $mesid = $row['message_id'];
                }
                //insert the message in table member_message_member
                $re = mysql_query("INSERT INTO member_message_member (member_id1, member_id2,conference_id, message_id)
                                VALUES ($id, $request_id, $conference_id, $mesid)");

                echo 'The request has been accepted and a message is sent to the member to inform him';
                ?>  <meta http-equiv ="refresh" content="0.25" /> <?
            }
        } // button no means that the request is rejected
        if (isset($_POST['no'])) {
            //update table Member_SubscribesTo_Conference and make that the request has been responded to
            mysql_query("UPDATE Member_SubscribesTo_Conference SET approve = '1' where member_id = '$request_id ' AND conference_id = '$conference_id' AND request_type = 'O'") or die(mysql_error());
            //send a message to the requestor to inform him that the request is rejected
            $message = 'conference' . ' ' . $conference_name . ' has rejected your request';
            //insert the message in table messages
            
            mysql_query("INSERT INTO messages (message) VALUES ('$message')");
            //get the message id which has been sent
            $message_id = mysql_query("SELECT * FROM messages WHERE message='$message'");
            While ($row = mysql_fetch_assoc($message_id)) {
                $mesid = $row['message_id'];
            }
            //insert the message in table member_message_member
            $re = mysql_query("INSERT INTO member_message_member (member_id1, member_id2,conference_id, message_id)
                                VALUES ($id, $request_id , $conference_id, $mesid)");

            echo 'The request has been rejected and a message is sent to the member to inform him';
            ?>  <meta http-equiv ="refresh" content="0.25" /> <?
        }
    }
    ?>